Yes - B
TPM is an in-built chip on the motherboard (for example, iPhone calls it T2), while HSM is an external hardware device that can be removed. HSM usage is usually for datacentres, while TPM focuses on the endpoint/device/machine.
Ans is A.
It's asking which one can do encryption and has use key crypto.
TPM and HSM only store crypto keys, it is not any encryption device.
https://support.microsoft.com/en-us/topic/what-is-tpm-705f241d-025d-4470-80c5-4feeb24fa1ee
Answer D) HSM
https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-understand-concepts#:~:text=A%20hardware%20security%20module%20(HSM,authentication%20and%20provides%20crypto%2Dprocessing.
TPM does not handle ROOT KEYS... it handles a STORAGE ROOT KEY, but that is used as the master key for TPM access and is not the same as a ROOT KEY.
Bitlocker does not manage any keys.
https://www.linkedin.com/advice/0/what-best-practices-managing-tpm-keys-certificates#:~:text=The%20TPM%20can%20create%20and,platform%20configuration%20registers%20(PCRs).
BitLocker is a full-disk encryption feature provided by Microsoft Windows operating systems. It uses a root key, which is protected by the Trusted Platform Module (TPM) or other authentication mechanisms, to secure the encryption of data on the endpoint.
The correct answer is "B" (TPM). See https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/tpm-fundamentals "Each TPM has a master wrapping key, called the storage root key, which is stored within the TPM itself."
In PKI, there is no notion of a "root key". There is a "root certificate", whose key is usually stored in an HSM, but this key is not called a root key. Therefore, answer "D" is incorrect. The question is "secure and efficient method of encrypting data on an endpoint", meaning BitLocker; however, BitLocker does not include a root key, but a TPM does.
A Hardware Security Module (HSM) is a secure physical device that provides cryptographic functions and key management. HSMs are specifically designed to secure and manage cryptographic keys, including root keys, in a tamper-resistant and highly secure environment. They offer a robust solution for encrypting data on an endpoint by safeguarding the encryption keys used in the process.
D. Hardware security module (HSM).
A hardware security module (HSM) is a dedicated physical device that provides secure cryptographic operations and key management. It includes a root key, which is a master key that is used to generate and manage other keys within the HSM. The root key is securely stored within the HSM, ensuring its confidentiality and protection.
While TPM provides secure storage for encryption keys, it does not specifically include a root key. The root key mentioned in the question typically refers to a master key or a key hierarchy used in key management systems like Hardware Security Modules (HSMs). HSMs are specialized devices that offer more advanced key management functionalities and are often used in high-security environments.
So, while TPM is a valid solution for secure and efficient endpoint encryption, it does not explicitly include a root key as mentioned in the question.
On top of all, the CISSP study guide and student edition mention - "Computers that incorporate a TPM can create cryptographic keys and encrypt them so that they can only be decrypted by the TPM. This process, often called wrapping or binding a key, can help protect the key from disclosure. Each TPM has a master wrapping key, called the storage root key, which is stored within the TPM itself. The private portion of a storage root key or endorsement key that is created in a TPM is never exposed to any other component, software, process, or user."
https://security.stackexchange.com/questions/181539/how-are-bitlocker-fde-keys-stored-in-the-tpm
An endpoint is any device that is physically an end point on a network. Laptops, desktops, mobile phones, tablets, servers, and virtual environments can all be considered endpoints.
What can be installed on all endpoints?
B.
Don't understand what "root key" is. TPM is the best guess.
https://learn.microsoft.com/en-us/javascript/api/azure-iot-provisioning-service/tpmattestation?view=azure-node-latest
storageRootKey
The storage root key is embedded in the Trusted Platform Module (TPM) security hardware. It is used to protect TPM keys created by applications, so that these keys cannot be used without the TPM. Unlike the endorsement key (which is generally created when the TPM is manufactured), the storage root key is created when you take ownership of the TPM. This means that if you clear the TPM and a new user takes ownership, a new storage root key is created. This property is not typically manipulated by the service client.
The storageRootKey is a base64 encoded value.
TPM is not a solution for encrypting. It's for key storing. How are you gonna encrypt data only using TPM? You need some software which will encrypt data. It's Bitlocker.
"The user must create a password, which is needed every time they access their PC or drive."